d5167377203f86143e944c61f40fc91d6f1c032b9f9e1187340630182fd5aefe

Sharing

Copy URL

Twitter E-mail

General

Target

d5167377203f86143e944c61f40fc91d6f1c032b9f9e1187340630182fd5aefe
Size

27KB
MD5

8dabfea0ce4628944177b350eb519e10
SHA1

e5a1398294390d94d648764da0f19975c5222e97
SHA256

d5167377203f86143e944c61f40fc91d6f1c032b9f9e1187340630182fd5aefe
SHA512

ced338c4571a3afaeac9a7faecf7f50d5acdadb7041c1e90160b5dfe2aae6f537afc311cff360f664c5a4d93a5493c9a515664dff7ba619033db1cf289348363
SSDEEP

384:nfWcY8EcJLfW2Mih/QFXF6ESQjrRtLL58c468344jasb/9vwTmj8uWlKkfuUX:nfdhJLu2M5F6ETdL58n6+b/GTsgl9l

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d5167377203f86143e944c61f40fc91d6f1c032b9f9e1187340630182fd5aefe

Files

d5167377203f86143e944c61f40fc91d6f1c032b9f9e1187340630182fd5aefe
.dll windows x86

4298c30b03ee465b494fe0818db03f80

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

php8ts

zend_throw_exception_ex
php_info_print_table_start
php_info_print_table_header
zend_declare_class_constant_long
php_info_print_table_end
php_pdo_get_dbh_ce
php_info_print_table_row
php_pdo_register_driver
php_pdo_unregister_driver
php_file_le_stream
php_file_le_pstream
_php_stream_copy_to_mem
zend_one_char_string
add_assoc_long_ex
zend_fetch_resource2_ex
_zend_new_array@@4
zend_binary_strncasecmp@@20
php_strlcpy
_try_convert_to_string@@4
zval_ptr_dtor
zend_hash_find@@8
zend_strpprintf
zend_is_true@@4
_is_numeric_string_ex@@28
zval_get_string_func@@4
zend_empty_string
pdo_raise_impl_error
zend_spprintf
_emalloc@@4
_efree@@4
zend_hash_str_update@@16
_zend_hash_init@@16
_estrdup@@4
ap_php_slprintf
__zend_strdup
zend_hash_destroy@@4
__zend_calloc
php_pdo_parse_data_source
php_pdo_get_exception
add_next_index_long
php_strlcat
add_next_index_string
_ecalloc@@8
pdo_get_bool_param
zval_try_get_string_func@@4

fbclient

ord183
ord165
ord201
ord128
ord180
ord103
ord174
ord197
fb_interpret
ord194
ord114
ord178
ord160
ord200
ord113
ord152
ord139
ord261
ord118
ord262
ord190
ord263
ord144
ord108
ord182
ord270
ord169
ord173
ord181
ord115

kernel32

GetCurrentProcessId
GetProcAddress
IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetModuleHandleA
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter

vcruntime140

memcpy
strchr
__std_type_info_destroy_list
memset
_except_handler4_common
memmove

api-ms-win-crt-string-l1-1-0

strncat
_strnicmp
_stricmp
strncmp
strncpy

api-ms-win-crt-heap-l1-1-0

free

api-ms-win-crt-convert-l1-1-0

atoi

api-ms-win-crt-time-l1-1-0

strftime

api-ms-win-crt-runtime-l1-1-0

_seh_filter_dll
_initterm_e
_initterm
_cexit
_configure_narrow_argv
_initialize_narrow_environment
_execute_onexit_table
_initialize_onexit_table

Exports

Exports

get_module

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4298c30b03ee465b494fe0818db03f80

Headers

DLL Characteristics

File Characteristics

Imports

php8ts

fbclient

kernel32

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-runtime-l1-1-0

Exports

Exports

Sections

.text Size: 16KB - Virtual size: 15KB

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 16KB - Virtual size: 15KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 1KB - Virtual size: 1KB